Authentication is the process of confirming an attribute or the identity of an individual or device. This process often involves validating certain properties of the individual or device. The validation depends on how well these properties are capable of uniquely identifying the individual or device. In network-related systems and applications, authentication is used to grant access to software or restricted content, distinguish individuals, authorize transactional requests, and so on. When authentication is weak and easily defrauded or does not accurately identify individuals or devices, systems may be misused in ways that can lead to financial losses, user inconveniences, and many other problems.
A common method of identifying an individual or device is by an identifier, e.g., a user id, paired to a password. A password is often a secret word or string of characters that the individual must remember in order to identify himself. Other authentication techniques not requiring the memorization of passwords include recognition of gesture sequences, QR codes, or audio frequency. Another authentication technique includes learning the usage patterns of or gathering information about an individual to find distinctive combinations of attributes that may identify the individual from others. One such attribute may be the individual's biometrics. Biometrics include brain wave patterns, walking patterns, retinal patterns, fingerprints, DNA, facial recognition and anything else that can be used to biologically distinguish between individuals. But these techniques are intrusive, complicated and/or expensive. Biometrics has varying levels of accuracy and uniqueness and often requires more sophisticated hardware than most devices are equipped with. Another authentication technique includes the use of a device in the possession of the user, e.g., a hardware token or a mobile phone. This often works by the device generating or receiving a synchronized password that the individual can provide to an authentication portal which verifies the password. However, this requires that the individual be in possession of the device capable of generating or receiving the password.
Accordingly, systems and methods that provide secure authentication without the use of biometrics or passwords may be desirable.